nasty device_delete_child interaction
John Baldwin
jhb at FreeBSD.org
Thu Jan 29 07:59:05 PST 2004
[ Moved this to new-bus@ list as that is more appropriate. ]
On Thursday 29 January 2004 01:35 am, John Wehle wrote:
> device_delete_child works by starting with the grandchildren
> working back towards the immediate child. Several drivers
> (i.e. if_xl.c, if_wx.c, iicbb.c) have code similar to:
>
> xxx_attach()
> {
>
>         ...
>         sc->child_dev = device_add_child ...
> }
>
> xxx_detach()
> {
>
>         bus_generic_detach ();
>         if (sc->child_dev)
>                 device_delete_child ...
> }
>
> The problem is using device_delete_child on one of these
> drivers causes the grandchild to be freed twice. When
> device_delete_child is called for xxx, it recurses since
> xxx has a child. The grandchild is detached and deleted.
> xxx_detach is then called which calls device_delete_child
> for the grandchild a second time causing a panic.
>
> It seems to me that any driver which calls device_delete_child
> as part of detaching must also implement something like:
>
> xxx_child_detached()
> {
>
>         if (child == sc->child_dev)
>                 sc->child_dev = NULL;
> }
>
> xxx_detach()
> {
>
>         /*
>          * Remember the child so we can delete it (bus_generic_detach
>          * indirectly zeroes sc->child_dev).
>          */
>         child = sc->child_dev;
>
>         bus_generic_detach();
>         if (child)
>                 device_delete_child ...
> }
>
> or am I missing something?
>
> -- John
> -------------------------------------------------------------------------
>
> | Feith Systems | Voice: 1-215-646-8000 | Email: john at feith.com |
> | John Wehle | Fax: 1-215-540-5495 | |
>
> -------------------------------------------------------------------------
--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
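
The double delete described in the quoted message, and the child_detached pattern proposed there, as an added example that is not part of the original post and is not FreeBSD's newbus code. It is a toy C model: `struct dev`, the `fixed` flag, `run()` and the root/xxx/phy tree are constructed for illustration, and a second free is counted rather than performed.

```c
#include <stddef.h>
/* Toy model of the sequence in the quoted message; not FreeBSD's newbus code. */
struct dev {
    struct dev *child;      /* one child slot is enough for this case */
    struct dev *child_dev;  /* the driver's cached pointer (sc->child_dev) */
    int fixed;              /* driver uses child_detached + remembered pointer */
    int attached, freed;
};

static int double_frees;    /* deletes attempted on an already-freed device */
static void delete_child(struct dev *parent, struct dev *child);

/* Driver detach, followed by the parent's child_detached notification. */
static void detach(struct dev *parent, struct dev *d)
{
    if (!d->attached) return;
    struct dev *saved = d->child_dev;          /* fixed driver remembers it first */
    if (d->child) detach(d, d->child);         /* stands in for bus_generic_detach() */
    struct dev *victim = d->fixed ? saved : d->child_dev;
    if (victim)
        delete_child(d, victim);
    d->attached = 0;
    if (parent->fixed && parent->child_dev == d)
        parent->child_dev = NULL;              /* xxx_child_detached() */
}

/* Grandchildren first, then detach and free the child itself. */
static void delete_child(struct dev *parent, struct dev *child)
{
    if (child->freed) { double_frees++; return; }  /* a real kernel panics here */
    if (child->child)
        delete_child(child, child->child);
    detach(parent, child);
    parent->child = NULL;
    child->freed = 1;
}

/* Build root -> xxx -> phy (constructed names) and tear xxx down either way. */
static int run(int fixed, int via_delete, int *phy_freed)
{
    struct dev root = {0}, xxx = {0}, phy = {0};
    root.child = &xxx; xxx.child = &phy; xxx.child_dev = &phy; xxx.fixed = fixed;
    root.attached = xxx.attached = phy.attached = 1; double_frees = 0;
    if (via_delete) delete_child(&root, &xxx); else detach(&root, &xxx);
    *phy_freed = phy.freed;
    return double_frees;
}

int main(void) { int f; return run(1, 1, &f); }
```

`run(0, 1, ...)` takes the original detach through the recursive delete and counts one second delete of the grandchild. `run(1, 0, ...)` is a plain detach of the fixed driver, where the remembered pointer is what still lets the child be deleted after the notification has cleared `child_dev`.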